For a single request, use the --cacert option to point directly to your downloaded file: curl --cacert /path/to/cacert.pem https://example.com Use code with caution. Setting a Permanent Environment Variable
openssl s_client -showcerts -connect example.com:443 /dev/null | openssl x509 -outform PEM > site_cert.pem Use code with caution. download ca certificate curl
curl --remote-name --time-cond cacert.pem https://curl.se/ca/cacert.pem Use code with caution. For a single request, use the --cacert option
The most reliable way to obtain a universal trust store is to use the Mozilla CA certificate bundle, which is regularly updated and extracted for use with curl . For a single request
You can then use curl --cacert site_cert.pem https://example.com to verify that specific connection. Summary Table: Common Fixes CA certificates extracted from Mozilla - curl